Privacy Policy

General Information

Data protection is a matter of trust, and your trust is important to us. We take the protection of your personal data very seriously. We process your data in accordance with the applicable data protection laws, in particular the EU General Data Protection Regulation (GDPR), the Austrian Data Protection Act (DSG), and any other applicable legal provisions.

This Privacy Policy explains how Stoxcraft OG processes your personal data and informs you of your rights. Personal data means any information relating to an identified or identifiable natural person, such as your name, email address, or IP address.

We collect and process personal data when you use our website or services. The specific purposes and legal bases for processing are described in detail below in this Privacy Policy. We only share your data with third parties where this is necessary for the provision of our services, required by law, or basused on your consent.

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, misuse, or disclosure. However, please note that data transmission over the internet (e.g., communication by email) may still involve security risks and cannot be completely protected against access by third parties.

1. Updates

We may update this Privacy Policy from time to time by publishing a new version on our website. The date of the last amendment is indicated at the end of this policy.

If we make material changes that affect how we process your personal data or your rights, we will actively inform you as required by applicable law (for example, by email, in-app notification, or other direct communication).

The current version of this Privacy Policy was last amended on September 16, 2025.

2. Your Rights

Under applicable data protection law, in particular the EU General Data Protection Regulation (GDPR), you have the following rights regarding the processing of your personal data:

Right of access (Art. 15 GDPR): You may request information about your personal data processed by us, including the purposes of processing, categories of data, recipients, storage period, and more.
Right to rectification (Art. 16 GDPR): You may request the correction of inaccurate data or completion of your personal data stored by us.
Right to erasure (Art. 17 GDPR): You may request the deletion of your personal data, unless processing is necessary for legal obligations, public interest, freedom of expression, or legal claims.
Right to restriction (Art. 18 GDPR): You may request the restriction of processing under certain conditions (e.g., contesting accuracy, unlawful processing, pending objections).
Right to data portability (Art. 20 GDPR): You may receive your personal data in a structured, commonly used, machine-readable format and request transfer to another controller.
Right to withdraw consent (Art. 7(3) GDPR): You may withdraw consent at any time, with effect for the future.
Right to lodge a complaint (Art. 77 GDPR): You may contact the Austrian Data Protection Authority (Datenschutzbehörde, www.dsb.gv.at) or any other competent supervisory authority in the EU. A full list of supervisory authorities is available here: https://www.bfdi.bund.de/DE/Service/Anschriften/Europa/Europa-node.html
Right to object (Art. 21 GDPR): You may object at any time to processing based on Art. 6(1)(e) or (f) GDPR, including profiling. In such cases, we will no longer process your data unless there are compelling legitimate grounds. You also have the right to object at any time to the use of your data for direct marketing.

Requests to exercise your rights can be submitted to us at [email protected]. The exercise of these rights is free of charge, unless requests are manifestly unfounded or excessive.

Additional rights for US residents:

Depending on your state of residence, you may have further rights under applicable US privacy laws. These are described in detail in the US Privacy Addendum (Section 15).

3. Purposes and Legal Bases of Data Processing

We process your personal data in accordance with the EU General Data Protection Regulation (GDPR) and all other applicable data protection laws. The legal bases for processing are derived in particular from Art. 6 GDPR

We use your data for the following purposes:

to initiate and fulfill contractual relationships and related obligations
to comply with legal requirements (e.g., tax and commercial laws),
to provide and improve our products and services,
to manage your account and display your profile or content you provide,
to maintain and strengthen customer relationships, including analyses for marketing purposes and direct advertising (based on Art. 6(1)(f) GDPR, with the right to object at any time),
based on your consent (Art. 6(1)(a) GDPR), where you may withdraw your consent at any time with future effect.

If the processing involves special categories of personal data (Art. 9(1) GDPR), this will only take place on the basis of your explicit consent (Art. 9(2)(a) GDPR) or another applicable legal provision.

Disclosure to Third Parties

We only disclose your personal data to third parties in accordance with legal provisions, where necessary for providing our services, or with your consent. Otherwise, disclosure will only occur where we are legally obliged to do so (e.g., supervisory authorities, law enforcement). If data is transferred outside the European Economic Area (EEA), this will take place only where an adequate level of protection is ensured (e.g., through adequacy decisions or standard contractual clauses).

Where data is transferred outside the European Economic Area (EEA), this takes place only where an adequate level of protection is ensured (e.g., through the EU–US Data Privacy Framework or Standard Contractual Clauses approved by the European Commission).

Data Retention Period

We retain your personal data only for as long as necessary for the respective processing purpose. Legal retention obligations (e.g., commercial and tax law) may require longer storage periods. Once the legal or contractual obligations end, data will be deleted routinely. Data may also be retained where you have given consent or where required in the context of legal disputes, within applicable limitation periods (up to 30 years in certain cases).

Secure Data Transmission

We implement appropriate technical and organizational measures to protect your data against accidental or intentional manipulation, loss, destruction, or unauthorized access. Our security measures are regularly reviewed and updated. Data transmission from and to our website is encrypted via HTTPS using current encryption standards. Alternative communication methods (e.g., postal service) are available.

Obligation to Provide Data

Certain personal data are required for the initiation, performance, and termination of contractual relationships as well as the fulfillment of related legal obligations. Without this data, we cannot process your request or provide the relevant services.

Profiling and Automated Processing

Some of our processing activities (e.g., analytics, advertising, remarketing through Google or Meta) may constitute profiling within the meaning of Art. 4(4) GDPR. Such profiling is used only to personalize content and ads or to measure effectiveness. We do not use profiling to produce legal effects or similarly significant decisions within the meaning of Art. 22 GDPR.

Use of AI Technologies

We may in the future use AI-based technologies to support certain features of our services (e.g., automated analysis, personalization). These tools would only be used in compliance with applicable data protection laws and would not involve fully automated decision-making with legal or similarly significant effects under Art. 22 GDPR.

Additional Information for US Residents

Depending on your state of residence (e.g., California, Virginia, Colorado, Connecticut, Utah), you may have additional rights under applicable privacy laws. These may include:

the right to know the categories of personal information we collect,
the purposes for which we use them,
the categories of third parties with whom we share them,
the right to request deletion or correction,
the right to opt out of the sale or sharing of personal information, and
the right not to be discriminated against for exercising your privacy rights.

Further details are provided in the US Privacy Addendum at the end of this Privacy Policy.

4. Data Collection When Visiting Our Website

The personal data we process depends on how you interact with our website (e.g., by creating or completing a profile, uploading content, placing an order, sending a request via a contact form, participating in a survey, or filing a complaint). In specific cases, we may provide additional information directly at the point of data collection.

Cookies

Our website uses cookies and similar technologies. Cookies are small text files stored on your device by your browser. Some cookies are technically necessary (e.g., session cookies for navigation), while others serve analytical or marketing purposes.

Necessary cookies are processed on the basis of our legitimate interests (Art. 6(1)(f) GDPR) in ensuring the technically error-free and optimized provision of our services.
Non-essential cookies (e.g., analytics, marketing) are only used with your consent (Art. 6(1)(a) GDPR). You can withdraw your consent at any time via our cookie banner or browser settings.

You can configure your browser to be informed about cookies, allow cookies only in individual cases, exclude the acceptance of cookies for certain cases, or enable automatic deletion when closing the browser. Disabling cookies may limit the functionality of the website.

For US residents: depending on applicable law (e.g., CCPA/CPRA), cookies and similar technologies may be considered the “sale” or “sharing” of personal information. You have the right to opt out of such processing. Please refer to the “Do Not Sell or Share My Personal Information” section of this Privacy Policy for details.

Server Log Files

When visiting our website for informational purposes only, we collect only the personal data your browser transmits to our server (server log files). This includes:

IP address, Internet service provider, date and time of the request, time zone, content of the request, access status/HTTP status code, data volume transferred, referrer URL, browser type and version, operating system and interface, language.

These data are processed to ensure stability and security of the website (Art. 6(1)(f) GDPR). This data is not merged with other sources.

Contact via Email, Phone, or Contact Form

If you contact us (e.g., via email, phone, or contact form), we will process the information you provide (such as name, contact details, request) to handle your inquiry. Processing is based on Art. 6(1)(b) GDPR (contract or pre-contractual measures), or otherwise on your consent (Art. 6(1)(a) GDPR) or our legitimate interests (Art. 6(1)(f) GDPR). All data transmissions are encrypted (SSL/HTTPS). Emails are processed via servers located in Germany; if third-party providers outside the EU are involved, appropriate safeguards (e.g., Standard Contractual Clauses) are implemented.

We will retain your request data only as long as necessary to process your inquiry, unless longer storage is required by law.

Advertising Purpose for Existing Customers

We may use your email address, collected in the context of a purchase or customer relationship, to send you information about our own similar products or services. This processing is based on our legitimate interests in direct marketing (Art. 6(1)(f) GDPR, § 107 TKG). You may object to the use of your data for direct marketing at any time, without charge and without giving reasons. Please send your objection to [email protected] or by post to Stoxcraft OG, Doerfl 56, A-8262 Ilz, Austria.

5. Google Analytics

This website uses functions of the web analytics service Google Analytics, provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”). Google Analytics uses cookies and similar technologies to analyze how visitors use our website. The information generated is usually transmitted to a Google server in the United States and stored there.

The use of Google Analytics is based on your consent (Art. 6(1)(a) GDPR, Art. 5(3) ePrivacy Directive). You can withdraw your consent at any time via our cookie banner or through your browser settings

a) IP Anonymization

We have enabled IP anonymization. Within the EU and EEA, your IP address will be shortened before transfer to the USA. Only in exceptional cases will the full IP address be transferred to a Google server in the USA and shortened there.

b) Purpose of Processing

Google uses the collected information to evaluate your use of the website, compile reports on website activity, and provide additional services related to website and internet usage. The IP address transmitted by your browser will not be merged with other Google data.

c) Opt-Out Options

You can prevent cookies from being stored by adjusting your browser settings.
You can prevent the collection of data by Google by installing the browser plugin: https://tools.google.com/dlpage/gaoptout?hl=en.
You can manage or revoke your consent to Analytics cookies at any time via our cookie settings. Manage Cookies

d) Data Processing Agreement

We have concluded a Data Processing Agreement (DPA) with Google and comply with the strict requirements of the European data protection authorities when using Google Analytics.

e) Demographics Feature

This website uses the “demographics” feature of Google Analytics, which enables the creation of reports on age, gender, and interests. These data are derived from interest-based advertising and third-party data. They are not attributable to a specific person. You can deactivate this feature in your Google account settings or by adjusting your cookie preferences.

f) Retention Period

Data linked to cookies, user IDs, or advertising IDs are retained for 14 months and then anonymized or deleted.

g) International Data Transfers

Data may be transferred to Google servers in the United States. Such transfers are based on the EU–US Data Privacy Framework or, where applicable, on Standard Contractual Clauses (SCCs) approved by the European Commission, ensuring an adequate level of data protection.

More information on how Google Analytics handles user data can be found in Google's privacy policy: https://support.google.com/analytics/answer/6004245?hl=en.

6. Google DoubleClick

Our website uses Google DoubleClick, provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA. DoubleClick enables interest-based advertising across the Google advertising network. For this purpose, cookies and similar technologies are used to build pseudonymous user profiles.

The use of DoubleClick is based on your consent (Art. 6(1)(a) GDPR, Art. 5(3) ePrivacy Directive). You may withdraw your consent at any time via our cookie banner under “Manage Cookies.”

We have concluded a Data Processing Agreement with Google and comply with the requirements of European data protection authorities. Further information is available at: https://policies.google.com/technologies/ads and https://adssettings.google.com.

7. Google GA Audience

We use GA Audience, a service provided by Google LLC, to analyze user behavior across devices and to optimize advertising. GA Audience may access cookies created through Google Ads and Google Analytics. Data such as IP addresses and user activities may be transmitted to Google servers in the USA and processed there.

The use of GA Audience is based on your consent (Art. 6(1)(a) GDPR, Art. 5(3) ePrivacy Directive). You may withdraw your consent at any time via our cookie banner under “Manage Cookies.”

We have concluded a Data Processing Agreement with Google and comply with European data protection requirements. More information: https://support.google.com/analytics/answer/2700409.

8. Google Place IP / Cloud Console

We use Google Place IP, provided by Google LLC, to display location-based results (e.g., address suggestions in search filters). To provide this service, your location data or IP address may be processed and transmitted to Google.

The use of Google Place IP is based on your consent (Art. 6(1)(a) GDPR, Art. 5(3) ePrivacy Directive). You may withdraw your consent at any time via our cookie banner under “Manage Cookies.”

We have concluded a Data Processing Agreement with Google. Further information is available at: https://cloud.google.com/maps-platform/terms and https://policies.google.com/privacy

9. Facebook Pixel

Our website uses the Meta Pixel (formerly Facebook Pixel), provided by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland, and in some cases Meta Platforms Inc., 1601 S California Ave, Palo Alto, CA 94304, USA.

The Meta Pixel enables us to display interest-based advertisements (“Meta Ads”) to visitors of our website when they use Facebook or other websites using this technology. It also allows us to measure the effectiveness of our ads for statistical and market research purposes by tracking whether users were redirected to our site after clicking on a Meta Ad.

When you visit our website, the Meta Pixel establishes a direct connection between your browser and Meta’s servers. Meta may receive information that you visited our website or interacted with our ads. If you are a registered Meta user, Meta can assign this visit to your account. Even if you are not logged in, Meta may still collect and process your IP address and other identifiers. This may involve profiling to deliver personalized ads.

The use of the Meta Pixel is based on your consent (Art. 6(1)(a) GDPR, Art. 5(3) ePrivacy Directive). You may withdraw your consent at any time via our cookie banner under “Manage Cookies.”

We have concluded a Data Processing Agreement with Meta and comply with the requirements of the European data protection authorities. Where data are transferred to Meta servers in the USA, this is based on the EU–US Data Privacy Framework or, where applicable, on Standard Contractual Clauses (SCCs) approved by the European Commission.

For more information about how Meta processes personal data, please visit: https://www.facebook.com/privacy/policy.

US Privacy Notice

For residents of California and other US states with privacy laws: the use of the Meta Pixel may constitute a “sharing” of personal information under the CCPA/CPRA. You have the right to opt out of such sharing at any time. Please see our “Do Not Sell or Share My Personal Information” section for details.

10. Image Storage Service Cloudinary

To optimize the performance of our website, we use the image storage and delivery service Cloudinary, provided by Cloudinary Ltd., 111 W Evelyn Ave, Suite 206, Sunnyvale, CA 94086, USA.

When you access our website, requests for images and related files are transmitted directly to Cloudinary’s servers. Cloudinary thereby receives information such as your IP address, browser details, and the subpage of our website accessed. This happens regardless of whether you have a user account with Cloudinary.

The use of Cloudinary is based on our legitimate interest in fast and efficient delivery of website content (Art. 6(1)(f) GDPR). Where consent is required under the ePrivacy Directive (e.g., for non-essential cookies), we only process data based on your consent (Art. 6(1)(a) GDPR).

Cloudinary participates in the EU–US Data Privacy Framework, which has been recognized by the European Commission as providing an adequate level of data protection. Where applicable, Standard Contractual Clauses (SCCs) are also in place.

For more information about how Cloudinary processes personal data, please see: https://cloudinary.com/privacy.

US Privacy Notice

For residents of California and other US states with privacy laws: the transfer of technical data to Cloudinary may be considered a “sharing” of personal information under the CCPA/CPRA. You have the right to opt out of such sharing at any time. Please see our “Do Not Sell or Share My Personal Information” section for details.

11. Payment Processing Stripe

We use the payment service provider Stripe Payments Europe, Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland (“Stripe”) for processing payments on our website. For some services, data may also be processed by Stripe, Inc., 354 Oyster Point Blvd, South San Francisco, CA 94080, USA.

When you complete a payment on our website, the information you provide (such as name, email address, billing address, payment method, and transaction details) is transmitted directly to Stripe. Stripe uses this information to process the payment and to prevent fraud. We do not store your full credit card information on our systems.

The use of Stripe is necessary for the performance of the contract (Art. 6(1)(b) GDPR). For fraud prevention and risk management, Stripe may also process your data based on its legitimate interests (Art. 6(1)(f) GDPR). Where required by law, Stripe may further process your data for compliance with legal obligations (Art. 6(1)(c) GDPR).

Stripe has implemented appropriate safeguards for international data transfers. Stripe is certified under the EU–US Data Privacy Framework, and Standard Contractual Clauses (SCCs) are also in place to ensure an adequate level of protection.

For more details, please see Stripe’s Privacy Policy: https://stripe.com/privacy.

US Privacy Notice

For residents of California and other US states with privacy laws: the transfer of payment data to Stripe for processing may be considered a “sharing” of personal information under the CCPA/CPRA. You have the right to opt out of such sharing to the extent required by law. However, please note that opting out may affect our ability to process payments. For more information, see our “Do Not Sell or Share My Personal Information” section.

12. External Hosting

Our website is hosted by external service providers on servers located in Europe. The main hosting provider for our platform is Heroku (Salesforce.com, Inc.), headquartered in San Francisco, California, USA. Our blog website is hosted by Raidboxes GmbH, Hafenstraße 32, 48153 Münster, Germany.

Personal data is primarily stored on servers located in the European Union. Where services are provided by Heroku (Salesforce.com, Inc.), data may in some cases be processed in the United States or other third countries. Such transfers only occur where necessary for service provision and are safeguarded by the EU–US Data Privacy Framework or, where applicable, Standard Contractual Clauses (SCCs) approved by the European Commission.

Personal data collected through our website (such as IP addresses, contact requests, metadata and communication data, contract data, contact details, names, website access logs, and other information generated through website use) may be stored on the servers of these providers.

The use of external hosting providers is based on a Data Processing Agreement in accordance with Art. 28 GDPR. Hosting serves both the initiation and performance of contracts with potential and existing customers (Art. 6(1)(b) GDPR) and our legitimate interest in the secure, fast, and efficient provision of our online services by a professional provider (Art. 6(1)(f) GDPR).

Our hosting providers process your data only to the extent necessary to fulfill their contractual service obligations and in accordance with our instructions. They are contractually prohibited from using your data for their own purposes.

For more information on how Heroku (Salesforce) processes personal data, please see their Privacy Policy: https://www.salesforce.com/company/privacy/ and Heroku’s Security & Privacy page: https://devcenter.heroku.com/articles/security-privacy-compliance.

US Privacy Notice

For residents of California and other US states with privacy laws: Heroku and Raidboxes act as service providers or processors. They process personal information on our behalf and are contractually prohibited from using it for any other purpose. Such processing does not constitute a “sale” or “sharing” of personal information under the CCPA/CPRA.

13. Social Media

a) Data Processing by Social Networks

We maintain publicly accessible profiles on social networks (Facebook, Instagram, TikTok, Threads, LinkedIn). When you visit these profiles or interact with content (such as like buttons), the operators of these platforms may collect personal data such as IP addresses, cookies, and browsing behavior. If you are logged in to your account, the provider can link this information directly to your profile. Even if you are not logged in, data may still be collected. Social networks may use this information to create user profiles for targeted advertising.

b) Legal Basis

Our social media presences are operated on the basis of our legitimate interest in providing broad online visibility and communication opportunities (Art. 6(1)(f) GDPR). The processing performed by the respective social networks is governed by their own legal bases (usually consent under Art. 6(1)(a) GDPR for tracking and profiling).

c) Joint Responsibility

When you interact with our social media profiles (e.g., on Facebook), we and the platform operator may be considered joint controllers under Art. 26 GDPR. In such cases, the operator provides an addendum (e.g., Meta’s Page Controller Addendum), which specifies the allocation of responsibilities. You can assert your rights both against us and against the respective operator, although our influence over platform-side processing is limited.

d) Storage Duration

Data collected directly by us through social media presences will be deleted when the purpose no longer applies or upon your request, subject to legal retention periods. The storage and use of data by social media operators are outside our control. For details, please refer to the privacy policies of the respective networks listed below.

e) Shariff Buttons

On our website, we only use the privacy-friendly “Shariff” implementation (two-click solution). Data is only transmitted to social networks when you actively click on a button.

f) International Transfers

Where data is transferred to the United States, this is based on the EU–US Data Privacy Framework or, where applicable, Standard Contractual Clauses (SCCs).

g) Social Networks in Detail

We maintain publicly accessible profiles on the following social networks to communicate with users and share information about Stoxcraft:

aa) Facebook

We maintain a profile on Facebook, operated by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland. For details on how Facebook processes personal data, please see the Facebook Privacy Policy. For EU users, we and Meta are considered joint controllers under the GDPR based on the Page Controller Addendum. Data transfers to the USA are based on the EU–US Data Privacy Framework or Standard Contractual Clauses (SCCs).

bb) LinkedIn

We maintain a profile on LinkedIn, operated by LinkedIn Ireland Unlimited Company, Wilton Plaza, Dublin 2, Ireland. Details on data processing can be found in the LinkedIn Privacy Policy. Data transfers to the USA are based on the EU–US Data Privacy Framework or SCCs

cc) Instagram

We maintain a profile on Instagram, operated by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland. For details, please see the Instagram Privacy Policy. Data transfers to the USA are based on the EU–US Data Privacy Framework or SCCs.

dd) Threads

We maintain a profile on Threads, also operated by Meta Platforms Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland. For details, please see the Threads Privacy Policy. Data transfers to the USA are based on the EU–US Data Privacy Framework or SCCs.

ee) TikTok

We maintain a profile on TikTok, operated by TikTok Technology Ltd., 10 Earlsfort Terrace, Dublin, Ireland. For details, please see the TikTok Privacy Policy. Data transfers to the USA are based on SCCs approved by the European Commission.

14. Children´s Privacy and Third-Party Links

Online Offers for Children and Adolescents

Our services are not directed at individuals under the age of 18. Persons under 18 are not permitted to transmit personal data to us or provide consent without the approval of their legal guardians. Where required by law, lower age limits apply (e.g., 16 under the GDPR unless reduced by national law, 13 under the U.S. COPPA). We encourage parents and guardians to actively participate in and monitor the online activities of their children.

Links to Other Providers

Our website contains clearly identifiable links to the websites of other companies. We have no influence on the content of these external websites. Responsibility for such content lies solely with the respective provider or operator. Continuous monitoring of linked pages without concrete evidence of a legal violation is not feasible. Upon becoming aware of any such violation, we will promptly remove the link.

15. US Privacy Addendum

This section supplements our Privacy Policy for residents of US states with comprehensive privacy laws (including California, Virginia, Colorado, Connecticut, and Utah).

Categories of personal information we collect: identifiers (e.g., name, email, IP address), commercial information (e.g., purchases), internet or network activity (e.g., device/browser data, pages viewed), geolocation (approximate), and in limited cases payment-related information processed by Stripe. We do not intentionally collect sensitive personal information beyond what is necessary to process payments (e.g., partial financial details handled by Stripe) and account security data.

Sources: you (when you provide data or use our services), your devices (automatic collection via cookies/SDKs), our service providers (e.g., Stripe, Cloudinary, hosting), and publicly available sources.

Purposes: provide and secure services, process payments, fulfill contracts, customer support, analytics, fraud prevention, compliance, and (with consent, where required) advertising/measurement.

Disclosures: we disclose personal information to service providers/processors (e.g., Stripe, Cloudinary, Heroku, Raidboxes) and, with consent where required, to analytics/advertising partners (e.g., Google/Meta). We do not knowingly sell personal information for money. Certain analytics/advertising uses may be deemed “sharing” under CPRA; see Section 16 for opt-out

Retention: we retain data only as long as reasonably necessary for the purposes described, considering legal, security, and operational needs. Criteria include account lifecycle, statutory retention (e.g., tax/commercial), security/audit requirements, and limitation periods. Payment/transaction records may be retained up to 7 years; web analytics data typically up to 25 months; account data for as long as your account is active or as required by law.

Your rights: depending on your state, you may have the right to know/access, correct, delete, opt out of sale/sharing/targeted advertising, and non-discrimination.

How to exercise: email [email protected] or write to Stoxcraft OG, Doerfl 56, A-8262 Ilz, Austria. We will verify your request (e.g., via account email). You may use an authorized agent (with verifiable authorization). We will respond within 45 days (extendable once by 45 days where reasonably necessary). VA/CO residents may appeal a denial within 45 days; we will respond to appeals within 60 days with reasons.

16. Do Not Sell or Share My Personal Information (US Residents)

We do not sell your personal information for money. However, under certain US state privacy laws (such as the California Consumer Privacy Act, CCPA/CPRA), the use of cookies and similar technologies for analytics and advertising may be considered a “sale” or “sharing” of personal information. This may include sharing identifiers (e.g., IP addresses or cookie IDs) and internet activity information with analytics or advertising partners.

Your rights: You have the right to opt out of the sale or sharing of your personal information at any time, without discrimination.

How to opt out: (i) use our cookie banner to disable non-essential cookies (analytics/advertising), and/or (ii) email [email protected] with the subject “Do Not Sell or Share My Personal Information.”

We honor Global Privacy Control (GPC) signals where required by law.

17. Additional Provisions

Contact Information

If you have any questions or requests regarding our processing of personal data, please contact us at [email protected] with the subject line "Data Protection."

Responsible Party

The responsible party (controller) for data processing on this website is:

Company:	Stoxcraft OG
Address:	Doerfl 56, A-8262 Ilz, Austria
Owner:	Mr. Armin Skelic, MA
Co-owner:	Mr. Patrick Janisch, MA
Email:	[email protected]

The responsible party is the natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

WE RESERVE THE RIGHT TO ADJUST OR AMEND THIS PRIVACY POLICY FROM TIME TO TIME IN ACCORDANCE WITH APPLICABLE LAWS.